D-Link Wireless Routers for Home and Small Business > DIR-882

Security Advisement - Firmware 1.02B01 Released


GreenBay42:
Seven flaws have been patched. The seven flaws include three that can be exploited to perform remote code execution, three more that can be used in denial of service attacks, and one information-leaking blunder. The full list of flaws is as follows:

CVE-2017-14491 – Remote code execution in the DNS subsystem that can be exploited from the other side of the internet against public-facing systems and against stuff on the local network. The previously latest version had a two-byte overflow bug, which could be leveraged, and all prior builds had an unlimited overflow.

CVE-2017-14492 – The second remote code execution flaw works via a heap-based overflow.

CVE-2017-14493 – Google labels this one as trivial to exploit. It's a stack-based buffer overflow vulnerability that enables remote code execution if it's used in conjunction with the flaw below.

CVE-2017-14494 – This is an information leak in DHCP which, when used in conjunction with CVE-2017-14493, lets an attacker bypass the security mechanism ASLR and attempt to run code on a target system.

CVE-2017-14495 – A limited flaw this one, but can be exploited to launch a denial of service attack by exhausting memory. Dnsmasq is only vulnerable, however, if the command line switches --add-mac, --add-cpe-id or --add-subnet are used.

CVE-2017-14496 – Here the DNS code performs invalid boundary checks, allowing a system to be crashed using an integer underflow leading to a huge memcpy() call. Android systems are affected if the attacker is local or tethered directly to the device.

CVE-2017-13704 – A large DNS query can crash the software.

Download not available at this time.

v1.02B02 is available -- http://forums.dlink.com/index.php?topic=73093.0
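
Added example, not part of the original post or of D-Link's firmware: the CVE-2017-14495 entry above depends on three dnsmasq switches, so on a Linux host where you have shell access to dnsmasq this check reports whether any of them is enabled on the command line or in a config file. The function name `find_risky_opts` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# find_risky_opts CMDLINE [CONFIG_FILE...]   (hypothetical helper name)
# Prints one "source: option" line per hit; returns 0 on any hit, 1 on none.
find_risky_opts() {
    cmdline=$1; shift
    hits=""
    for opt in add-mac add-cpe-id add-subnet; do
        # Command-line form: --add-mac, --add-mac=base64, --add-subnet=24,96
        case " $cmdline " in
            *" --$opt "*|*" --$opt="*) hits="${hits}cmdline: $opt
" ;;
        esac
        # Config-file form: the long option name without the leading "--",
        # optionally followed by "=value". Lines starting with # are comments.
        for f in "$@"; do
            [ -r "$f" ] || continue
            if grep -Eq "^[[:space:]]*$opt([[:space:]]*=.*)?[[:space:]]*\$" "$f"; then
                hits="${hits}$f: $opt
"
            fi
        done
    done
    [ -n "$hits" ] || return 1
    printf '%s' "$hits"
}

# Demo on a constructed config file and a constructed argument string.
demo_conf=$(mktemp)
printf '%s\n' 'domain-needed' '#add-mac' 'add-subnet=24,96' > "$demo_conf"
if find_risky_opts "dnsmasq -C $demo_conf --cache-size=150" "$demo_conf"; then
    echo "CVE-2017-14495 precondition present: patch or remove the option(s)"
else
    echo "none of --add-mac, --add-cpe-id, --add-subnet in use"
fi
rm -f "$demo_conf"
```

On a live system, pass the running dnsmasq process's argument string and every config file it loads. A clean result only rules out CVE-2017-14495; the other six flaws in the list do not depend on these switches.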

Malechai:
Thanks for this. How long does it generally take for a firmware to leave beta?

GreenBay42:
Depends. Security patches may take longer since they have to go through 3rd party testing and verification. Some firmware releases may have to go through re-certification which can take time. The KRACK patches are at the highest priority so "official" releases are taking some time right now.

FurryNutz:
You can always try the beta and if it doesn't work well for you, you can downgrade. Let us know what you find, if anything.


--- Quote from: Malechai on January 10, 2018, 08:44:09 PM ---
Thanks for this. How long does it generally take for a firmware to leave beta?

--- End quote ---

p4spooky:
I tried installing the 1.02B1 file using manual upload option. Got "Firmware upgrade failed" error. I am currently on 1.01. What gives?
